PWX-30765: Updating golang, aws and gcloud sdk to fix vulnerabilities. (
#1458)

* PWX-30765: Updating golang, aws and gcloud sdk to fix vulnerabilities.

Signed-off-by: Priyanshu Pandey <[email protected]>

* Updating travis golang version

Signed-off-by: Priyanshu Pandey <[email protected]>

* Using seccomp=unconfined during docker run

Signed-off-by: Priyanshu Pandey <[email protected]>

* Adding CGO_ENABLED=0 in test binary

Signed-off-by: Priyanshu Pandey <[email protected]>

---------

Signed-off-by: Priyanshu Pandey <[email protected]>
pp511 committed Jul 26, 2023
1 parent bbc8cc3 commit fadc23b
Showing 3 changed files with 18 additions and 16 deletions.
2 changes: 1 addition & 1 deletion .travis.yml
@@ -2,7 +2,7 @@ sudo: required
dist: xenial
language: go
go:
- 1.19.1
- 1.19.10
before_install:
- sudo apt-get update -yq || true
- sudo apt-get install go-md2man -y
4 changes: 2 additions & 2 deletions Dockerfile
@@ -15,7 +15,7 @@ RUN microdnf clean all && microdnf install -y python3.9 ca-certificates tar gzip
RUN python3 -m pip install awscli && python3 -m pip install oci-cli && python3 -m pip install rsa --upgrade


RUN curl -q -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.10.3/2018-07-26/bin/linux/amd64/aws-iam-authenticator && \
RUN curl -q -o /usr/local/bin/aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 && \
chmod +x /usr/local/bin/aws-iam-authenticator

#Install asdf
@@ -31,7 +31,7 @@ RUN asdf install kubelogin latest
RUN asdf global kubelogin latest

#Install Google Cloud SDK
ARG GCLOUD_SDK=google-cloud-sdk-418.0.0-linux-x86_64.tar.gz
ARG GCLOUD_SDK=google-cloud-cli-439.0.0-linux-x86_64.tar.gz
ARG GCLOUD_INSTALL_DIR="/usr/lib"
RUN curl -q -o $GCLOUD_SDK https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/$GCLOUD_SDK && \
tar xf $GCLOUD_SDK -C $GCLOUD_INSTALL_DIR && rm -rf $GCLOUD_SDK && \
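Review bot: The new aws-iam-authenticator download in the first hunk (`RUN curl -q -o /usr/local/bin/aws-iam-authenticator https://github.com/kubernetes-sigs/...`) installs an executable with no integrity check, and `curl` runs without `-f` or `-L`, so an HTTP error page or a redirect response would be saved and marked executable without failing the build. GitHub release asset URLs normally answer with a redirect, so `-L` looks necessary for the binary to arrive at all. I would change the line to `RUN curl -fsSL -o /usr/local/bin/aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64 && \` and add `echo "<SHA256_OF_RELEASE_ASSET>  /usr/local/bin/aws-iam-authenticator" | sha256sum -c - && \` before the `chmod`, with the digest pinned in the Dockerfile from the release's published checksums. The Google Cloud CLI tarball in the second hunk has the same gap (no `-f`, no digest check); its `RUN` continues past the end of the hunk.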
28 changes: 15 additions & 13 deletions Makefile
@@ -13,7 +13,7 @@ STORK_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_STORK_IMAGE):$(DOCKER_HUB_STORK_TAG)
CMD_EXECUTOR_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_CMD_EXECUTOR_IMAGE):$(DOCKER_HUB_CMD_EXECUTOR_TAG)
STORK_TEST_IMG=$(DOCKER_HUB_REPO)/$(DOCKER_HUB_STORK_TEST_IMAGE):$(DOCKER_HUB_STORK_TEST_TAG)

DOCK_BUILD_CNT := golang:1.19.1
DOCK_BUILD_CNT := golang:1.19.10

ifndef PKGS
PKGS := $(shell go list ./... 2>&1 | grep -v 'github.com/libopenstorage/stork/vendor' | grep -v 'pkg/client/informers/externalversions' | grep -v versioned | grep -v 'pkg/apis/stork' | grep -v 'hack')
@@ -39,7 +39,9 @@ BIN :=$(BASE_DIR)/bin
VERSION = $(RELEASE_VER)-$(GIT_SHA)

LDFLAGS += "-s -w -X github.com/libopenstorage/stork/pkg/version.Version=$(VERSION)"
BUILD_OPTIONS := -ldflags=$(LDFLAGS)
BUILD_OPTIONS := -ldflags=$(LDFLAGS) -buildvcs=false

SECCOMP_OPTIONS := --security-opt seccomp=unconfined

.DEFAULT_GOAL=all
.PHONY: test clean vendor vendor-update px-statfs
@@ -66,29 +68,29 @@ lint:
done

vet:
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c "cd /go/src/github.com/libopenstorage/stork; \
go vet $(PKGS); \
go vet -tags unittest $(PKGS); \
go vet -tags integrationtest github.com/libopenstorage/stork/test/integration_test"

staticcheck:
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c "cd /go/src/github.com/libopenstorage/stork; \
go install honnef.co/go/tools/cmd/[email protected]; \
staticcheck $(PKGS); \
staticcheck -tags integrationtest test/integration_test/*.go;staticcheck -tags unittest $(PKGS)"

errcheck:
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c "cd /go/src/github.com/libopenstorage/stork; \
GO111MODULE=off go get -u github.com/kisielk/errcheck; \
errcheck -verbose -blank $(PKGS); \
errcheck -verbose -blank -tags unittest $(PKGS); \
errcheck -verbose -blank -tags integrationtest /go/src/github.com/libopenstorage/stork/test/integration_test"

check-fmt:
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c "cd /go/src/github.com/libopenstorage/stork; \
diff -u <(echo -n) <(gofmt -l -d -s -e $(GO_FILES));"

@@ -113,9 +115,9 @@ test:

integration-test:
@echo "Building stork integration tests"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c 'cd /go/src/github.com/libopenstorage/stork/test/integration_test && \
GOOS=linux go test -tags integrationtest $(BUILD_OPTIONS) -v -c -o stork.test;'
CGO_ENABLED=0 GOOS=linux go test -tags integrationtest $(BUILD_OPTIONS) -v -c -o stork.test;'

integration-test-container:
@echo "Building container: docker build --tag $(STORK_TEST_IMG) -f Dockerfile ."
@@ -132,27 +134,27 @@ codegen:

stork:
@echo "Building the stork binary"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c 'cd /go/src/github.com/libopenstorage/stork/cmd/stork && \
CGO_ENABLED=0 GOOS=linux go build $(BUILD_OPTIONS) -o /go/src/github.com/libopenstorage/stork/bin/stork;'

cmdexecutor:
@echo "Building command executor binary"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c 'cd /go/src/github.com/libopenstorage/stork/cmd/cmdexecutor && \
GOOS=linux go build $(BUILD_OPTIONS) -o /go/src/github.com/libopenstorage/stork/bin/cmdexecutor;'

storkctl:
@echo "Building storkctl"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c 'cd /go/src/github.com/libopenstorage/stork/cmd/storkctl; \
CGO_ENABLED=0 GOOS=linux go build $(BUILD_OPTIONS) -o /go/src/github.com/libopenstorage/stork/bin/linux/storkctl; \
CGO_ENABLED=0 GOOS=darwin go build $(BUILD_OPTIONS) -o /go/src/github.com/libopenstorage/stork/bin/darwin/storkctl; \
CGO_ENABLED=0 GOOS=windows go build $(BUILD_OPTIONS) -o /go/src/github.com/libopenstorage/stork/bin/windows/storkctl.exe;'

px-statfs:
@echo "Building px_statfs.so"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c 'cd /go/src/github.com/libopenstorage/stork/drivers/volume/portworx/px-statfs && \
gcc -g -shared -fPIC -o /go/src/github.com/libopenstorage/stork/bin/px_statfs.so px_statfs.c -ldl -D__USE_LARGEFILE64;'

@@ -166,7 +168,7 @@ container: help

help:
@echo "Updating help file"
docker run --rm -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
docker run --rm $(SECCOMP_OPTIONS) -v $(shell pwd):/go/src/github.com/libopenstorage/stork $(DOCK_BUILD_CNT) \
/bin/bash -c "cd /go/src/github.com/libopenstorage/stork; \
apt-get update -y && apt-get install -y go-md2man; \
go-md2man -in help.md -out help.1; \
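Review bot: `SECCOMP_OPTIONS := --security-opt seccomp=unconfined` removes Docker's default syscall filter, and it is then passed to every `docker run` recipe visible in these hunks. That includes `staticcheck`, `errcheck` and `help`, which download and run tools from the network (`go install`, `go get -u`, `apt-get install`) with the working tree bind-mounted without `:ro`. Neither the commit message nor the Makefile says why the filter has to go; presumably the newer golang image issues syscalls that the CI host's older Docker seccomp profile rejects, which should be confirmed and recorded next to the variable. I would default it to empty and opt in only where needed, e.g. `SECCOMP_OPTIONS ?=` with a comment such as `# Set to "--security-opt seccomp=unconfined" only on hosts whose Docker seccomp profile blocks the golang:1.19.10 toolchain`, and have the Travis job pass the value explicitly.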